[Cerowrt-devel] default zones including interfaces and babel

[Cerowrt-devel] default zones including interfaces and babel

[Matt Taggart]

Hi cerowrt-devel,

In a default 3.10.50-1 install on the Network->Firewall->General settings 
page, there are some default zones for wan, lan, guest.

They don't appear to have any interfaces assigned to them, I am guessing 
the intent is:

ge00: wired wan port, should be 'wan' zone
gw00, gw10: guest 2.4/5 wireless, should be 'guest' zone
se00: wired switch ports, should be 'lan' zone
sw00, sw10: secure 2.4/5 wireless, ? zone
gw01, gw11: babel 2.4/5 wireless, ? zone

0) shouldn't the interfaces be assigned to zones?

1) If the intent is that se00, sw00, sw10 can all communicate freely, maybe 
the zone name should be 'private' or 'secure' (rather than 'lan') and they 
should all be part of that?

2) What zone should the babel devices be in, what do they need to be able 
to do?

This is maybe a good segway into some other questions I have:

* is there a good description of how the babel stuff works?
I found this
  http://www.bufferbloat.net/projects/cerowrt/wiki/Mesh
which explains configuring, but I guess I would like something like a walk 
through of how a wireless client connects to an interior router and how 
things make it to the internet and back.

* if I need to secure both my guest wireless and secure wireless networks, 
what does that mean for security of the babel networks and what (if 
anything) stops someone from using them? given that I haven't set 
credentials anywhere on the routers to make it work, I am guessing nothing. 
I think the last time I wirelessly connected two routers it was using the 
old Linksys WDS and it used credentials somehow...

Thanks,

-- 
Matt Taggart
matt@lackof.org

Re: [Cerowrt-devel] default zones including interfaces and babel

[Nathan]

[-- Attachment #1: Type: text/plain, Size: 2114 bytes --]

Known GUI bug. The firewall display is incorrect. See this message from a
few weeks ago:
https://lists.bufferbloat.net/pipermail/cerowrt-devel/2014-September/003543.html

On Sat, Oct 4, 2014 at 10:07 PM, Matt Taggart <matt@lackof.org> wrote:

> Hi cerowrt-devel,
>
> In a default 3.10.50-1 install on the Network->Firewall->General settings
> page, there are some default zones for wan, lan, guest.
>
> They don't appear to have any interfaces assigned to them, I am guessing
> the intent is:
>
> ge00: wired wan port, should be 'wan' zone
> gw00, gw10: guest 2.4/5 wireless, should be 'guest' zone
> se00: wired switch ports, should be 'lan' zone
> sw00, sw10: secure 2.4/5 wireless, ? zone
> gw01, gw11: babel 2.4/5 wireless, ? zone
>
> 0) shouldn't the interfaces be assigned to zones?
>
> 1) If the intent is that se00, sw00, sw10 can all communicate freely, maybe
> the zone name should be 'private' or 'secure' (rather than 'lan') and they
> should all be part of that?
>
> 2) What zone should the babel devices be in, what do they need to be able
> to do?
>
> This is maybe a good segway into some other questions I have:
>
> * is there a good description of how the babel stuff works?
> I found this
>   http://www.bufferbloat.net/projects/cerowrt/wiki/Mesh
> which explains configuring, but I guess I would like something like a walk
> through of how a wireless client connects to an interior router and how
> things make it to the internet and back.
>
> * if I need to secure both my guest wireless and secure wireless networks,
> what does that mean for security of the babel networks and what (if
> anything) stops someone from using them? given that I haven't set
> credentials anywhere on the routers to make it work, I am guessing nothing.
> I think the last time I wirelessly connected two routers it was using the
> old Linksys WDS and it used credentials somehow...
>
> Thanks,
>
> --
> Matt Taggart
> matt@lackof.org
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>

[-- Attachment #2: Type: text/html, Size: 3046 bytes --]